India Mandates SIM Link for Messaging Apps

In a major step to enhance telecom cybersecurity, the Indian government now requires all messaging apps—like WhatsApp, Telegram, Signal, and others—to stay continuously linked to a user’s active SIM card. This was Issued by the Department of Telecommunications on November 28, the directive mandates full compliance within 120 days. 

The move targets apps that use mobile numbers for identification but allow access without the SIM being present in the device—an issue the DoT says is being exploited from abroad to commit cyber frauds.
 
Under the Telecommunications Act, 2023 and Cyber Security Rules, all relevant service providers (TIUEs) must ensure that:
·       The app works only if the associated SIM is active in the user’s device (within 90 days).
·       Web versions of these apps must auto-logout every 6 hours, requiring re-authentication via QR code.
·       Compliance reports must be submitted within 120 days.

Non-compliance may invite legal action.
 
Apps likely to be impacted include WhatsApp, Telegram, Signal, Arattai, ShareChat, JioChat, Snapchat, and Josh.
 
However, the directive leaves ambiguity around international numbers, potentially allowing continued misuse in cross-border cybercrimes. 
 
The rules come into effect immediately, placing the onus on providers to implement the necessary changes